Hardware device binding and mutual authentication

US 8,667,265 B1
Filed: 10/20/2010
Issued: 03/04/2014
Est. Priority Date: 07/28/2010
Status: Active Grant

First Claim

Patent Images

1. A method for cryptographically authenticating hardware devices, the method comprising:

retrieving helper data, wherein the helper data is previously generated during an enrollment of the first device and a second device of the hardware devices, wherein the helper data is generated using a first hardware identifier of the first device and a second hardware identifier of the second device;

extracting the second hardware identifier using the helper data and the first hardware identifier;

generating a first challenge using the second hardware identifier;

sending the first challenge to the second device of the hardware devices;

receiving a second challenge, wherein the second challenge is generated by the second device using the first hardware identifier;

verifying the second challenge using the first hardware identifier;

periodically re-authenticating the second device as major authentication cycles; and

periodically performing a key exchange as minor authentication cycles.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Detection and deterrence of device tampering and subversion by substitution may be achieved by including a cryptographic unit within a computing device for binding multiple hardware devices and mutually authenticating the devices. The cryptographic unit includes a physically unclonable function (“PUF”) circuit disposed in or on the hardware device, which generates a binding PUF value. The cryptographic unit uses the binding PUF value during an enrollment phase and subsequent authentication phases. During a subsequent authentication phase, the cryptographic unit uses the binding PUF values of the multiple hardware devices to generate a challenge to send to the other device, and to verify a challenge received from the other device to mutually authenticate the hardware devices.

129 Citations

16 Claims

1. A method for cryptographically authenticating hardware devices, the method comprising:
- retrieving helper data, wherein the helper data is previously generated during an enrollment of the first device and a second device of the hardware devices, wherein the helper data is generated using a first hardware identifier of the first device and a second hardware identifier of the second device;
  
  extracting the second hardware identifier using the helper data and the first hardware identifier;
  
  generating a first challenge using the second hardware identifier;
  
  sending the first challenge to the second device of the hardware devices;
  
  receiving a second challenge, wherein the second challenge is generated by the second device using the first hardware identifier;
  
  verifying the second challenge using the first hardware identifier;
  
  periodically re-authenticating the second device as major authentication cycles; and
  
  periodically performing a key exchange as minor authentication cycles.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising recovering a first binding physically unclonable function (“
    - PUF”
      
      ) value from a first PUF circuit disposed on or within the first device as the first hardware identifier, and wherein the second hardware identifier, extracted from the helper data, is a second binding PUF value generated by a second PUF circuit disposed on or within the second device.
  - 3. The method of claim 2, wherein said generating the first challenge comprises:
    - generating a first test value;
      
      selecting a first value;
      
      calculating a hash value for the second binding PUF value;
      
      calculating a hash value of a function of the second binding PUF value and the first test value; and
      
      combining the hash value for the second binding PUF value with the first value to generate a combined value, wherein said sending the first challenge comprises sending the first test value, the hash value of the function of the second binding PUF value and the first test value, and the combined value.
  - 4. The method of claim 2, wherein the second challenge comprises a second test value, a hash value of a function of the first binding PUF value and the second test value, and a combined value of the hash value of the first binding PUF value and a second value, and wherein said verifying the second challenge comprises:
    - calculating a verification hash value of a function of the first binding PUF value and the second test value; and
      
      comparing the verification hash value with the hash value of the function of the first binding PUF value and the second test value received as part of the second challenge from the second device, wherein the second device is authenticated when the verification hash value matches the hash value of the function of the first binding PUF value and the second test value received as part of the second challenge.
  - 5. The method of claim 4, further comprising:
    - when the verification hash value matches the hash value of the function of the first binding PUF value and the second test value received as part of the second challenge,calculating the second value; and
      
      combining the first value and the second value to generate an initial key.
  - 6. The method of claim 5, further comprising using the initial key as an encryption key in a symmetric encryption algorithm.
  - 7. The method of claim 5, further comprising using the initial key for at least one of a keyed hash or a keyed message authentication code for subsequent authentication of data between devices.
  - 8. The method of claim 5, further comprising using the initial key to permute signal lines of a bus to which the first device and the second device are coupled.
  - 9. The method of claim 5, further comprising using the initial key to generate a public-private key pair.

10. A computing device, comprising:
- a hardware platform;
  
  a cryptographic unit, disposed in or on the hardware platform for binding and mutually authenticating the computing device to a second computing device, the cryptographic unit comprising;
  
  a first physically unclonable function (“
  
  PUF”
  
  ) circuit disposed in or on the hardware platform, the first PUF circuit coupled to output a first binding PUF value,wherein the cryptographic unit is configured to send the first binding PUF value to the second computing device over a communication channel, and to receive helper data over the communication channel from the second computing device to bind the computing device and the second computing device, wherein the helper data is generated by the second computing device using the first binding PUF value and a second binding PUF value generated using a second PUF circuit disposed on or within the second computing device, and wherein the cryptographic unit comprises an encryptor coupled to encrypt the first binding PUF value with a public key of the second computing device before sending the first binding PUF value to the second computing device; and
  
  a noise reduction circuit coupled between the first PUF circuit and the encryptor, the noise reduction circuit coupled to receive the first binding PUF value, to reduce uncertainty in the first binding PUF value, and to output a seed value to the encryptor based on the first binding PUF value, and wherein the noise reduction circuit includes a seed generation mode to generate the seed value, and a seed recovery mode to re-create the seed value.
- View Dependent Claims (11, 12)
- - 11. The computing device of claim 10, wherein the cryptographic unit includes a challenge generation mode, wherein during the challenge generation mode the cryptographic unit comprises:
    - a first logic unit to combine the first binding PUF value and the helper data to generate the second binding PUF value;
      
      a hash unit coupled to the first logic unit to receive the second binding PUF value and to generate a hash value for the second binding PUF value, a hash value of a function of the second binding PUF value and a first test value; and
      
      a second logic unit to combine a first key with the hash value of the second binding PUF value to generate a combined value, wherein the cryptographic unit is configured to generate a first challenge including the first test value, the hash value of the function of the second binding PUF value and the first test value, and the combined value, and to send the first challenge to the second computing device over the communication channel.
  - 12. The computing device of claim 10, wherein the cryptographic unit includes a challenge verification mode, wherein during the challenge verification mode the cryptographic unit comprises:
    - a hash unit coupled to receive the first binding PUF value and to generate a hash value for the first binding PUF value, and a verification hash value of a function of the first binding PUF value and a second test value;
      
      a comparison unit coupled to receive the verification hash value and a hash value of a function of the first binding PUF value and the second test value received as part of a second challenge generated by the second computing device; and
      
      a key generator coupled to generate an initial key when a comparison by the comparison unit is a match, wherein the key generator is configured to generate the initial key using the hash value of the first binding PUF value, a combined value of the hash value for the first binding PUF value and a second key received as part of the second challenge.

13. A computing device, comprising:
- a hardware platform; and
  
  a cryptographic unit for binding and mutually authenticating the computing device to a second computing device, the cryptographic unit comprising;
  
  one or more PUF circuits disposed in or on the hardware platform, wherein the one or more PUF circuits coupled to output a first binding PUF value, and wherein the one or more PUF circuits are coupled to output a fingerprint PUF value;
  
  a combining circuit coupled to receive the first binding PUF value and a second binding PUF value, received from the second computing device, and to generate helper data using the first and second binding PUF values, and wherein the combining circuit is coupled to output the helper data for mutual authentication of the binding of the computing device and the second computing device;
  
  a key generator coupled to generate a private key of a public-private key pair based on the fingerprint PUF value;
  
  a decryptor coupled to receive a message, including a second binding PUF value encrypted with a public key of the public-private key pair, from the second computing device, and coupled to output the second binding PUF value decrypted with the private key; and
  
  a noise reduction circuit coupled between the second PUF circuit and the key generator, the noise reduction circuit coupled to receive the fingerprint PUF value, to reduce uncertainty in the fingerprint PUF value, and to output a seed value to the key generator based on the fingerprint PUF value.
- View Dependent Claims (14, 15, 16)
- - 14. The computing device of claim 13, further comprising a noise reduction circuit coupled between the first PUF circuit and the combining circuit, the noise reduction circuit coupled to receive the first binding PUF value, to reduce uncertainty in the first binding PUF value, and to output a seed value to the combining circuit based on the first binding PUF value.
  - 15. The computing device of claim 13, wherein the cryptographic unit includes a challenge generation mode, wherein during the challenge generation mode the cryptographic unit comprises:
    - a first logic unit to combine the first binding PUF value and the helper data to calculate or recover the second binding PUF value;
      
      a hash unit coupled to the first logic unit to receive the second binding PUF value and to generate a hash value for the second binding PUF value, a hash value of a function of the second binding PUF value and a first test value; and
      
      a second logic unit to combine a first key with the hash value of the second binding PUF value to generate a combined value, wherein the cryptographic unit is configured to generate a first challenge including the first test value, the hash value of the function of the second binding PUF value and the first test value, and the combined value, and to send the first challenge to the second computing device over a communication channel.
  - 16. The computing device of claim 13, wherein the cryptographic unit includes a challenge verification mode, wherein during the challenge verification mode the cryptographic unit comprises:
    - a hash unit coupled to receive the first binding PUF value and to generate a hash value for the first binding PUF value, and a verification hash value of a function of the first binding PUF value and a second test value;
      
      a comparison unit coupled to receive the verification hash value and a hash value of a function of the first binding PUF value and the second test value received as part of a second challenge generated by the second computing device; and
      
      a second key generator coupled to generate an initial key when a comparison by the comparison unit is a match, using the hash value of the first binding PUF value, a combined value of the hash value for the first binding PUF value and a second key received as part of the second challenge.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
National Technology & Engineering Solutions Of Sandia LLC (Honeywell International Inc.)
Original Assignee
Sandia Corporation (Martin Marietta Corporation)
Inventors
Hamlet, Jason R., Pierson, Lyndon G.
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Anderson, Michael D

Application Number

US12/908,131
Time in Patent Office

1,231 Days
Field of Search

713/150, 713/185, 326/80
US Class Current

713/150
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 2209/12   Details relating to cryptog...

H04L 9/0866   involving user or device id...

H04L 9/3278   using physically unclonable...

Hardware device binding and mutual authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

129 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware device binding and mutual authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

129 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links